
Bug#925250: unblock: cron/3.0pl1-133



Hi,

brief update: Since the upload, one new bug has been reported for one of
the security fixes, which had been cherry-picked for jessie-security.
See below.

Otherwise, -133 has not triggered any new bug reports so far.

On 2019-03-21 20:19:01 +0100 Christian Kastner wrote:
> I'd like to request an unblock for cron/3.0pl1-133. The notable changes
> are smallish, and mainly concern security fixes that have been assigned
> CVE-2019-9704, -9705, and -9706 in the meantime. One of these fixes
> (limiting crontabs to 1000 lines) required a debian/NEWS entry.

Contrary to my expectations, it appears that users with crontabs longer
than 1000 lines do exist. In #925276, a user reported hitting this limit
with a programmatically generated crontab.

I would like to fix this by making the limit configurable, that is:
defaulting to 1.000 lines, but allowing a different limit in
/etc/default/cron, with a corresponding update to debian/NEWS.

However, I'd appreciate your feedback on the -133 changes, before adding
new ones on top of that.

> With regards to the security fixes, uploads for jessie and stretch are
> being or have been prepared.

FYI, cron 3.0pl1+deb8u2 was uploaded to jessie-security on 2019-03-21.

Regards,
Christian

